juniper netscreen (screenos) traffic log report - Splunk Community

All Apps and Add-ons

Hi does anyone has experience with creating a report from a Juniper Netscreen (ScreenOS) traffic log?

My customer needs a report with all unique IP's and their received and their sent data during a specific period. Any idea how to do this ?

Furthermore is it possible to add names to these IP's ?

thx

tmichels,

A sample would go along way in terms of providing configuration details, but I can speak in generalities.

Splunk can easily extract both src/dest IP and calculate unique (distinct) counts for these extracted fields. For example: | stats dc(src_ip) as unique_src_ips
It is possible to add additional information based on an IP Address lookup. The integration depends on your data source. Is this information in a CSV? If yes, you can use a standard Splunk lookup. If it's accessible via an API or DB, you can use a scripted (custom) lookup

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...